HTTP: Windows Help and Support Center Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Windows Help and Support Center. An attacker can create a malicious Web site containing Web pages with dangerous hyperlinks, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Windows Help And Support Center is prone to a trusted document whitelist bypass vulnerability. This issue may allow remote untrusted attackers to access arbitrary help documents which may lead to various attacks. An attacker can combine this vulnerability with another issue, such as the weakness described in BID 40721 (Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness) to execute arbitrary code on a vulnerable computer. NOTE: This issue may cause Internet Explorer 8 and other browsers to launch a warning dialog box, but this protection can be evaded by placing the attacker-supplied link in a media file and supplying the file to a user through the browser, which then launches Windows Media player and doesn't cause the warning dialog to be presented. Internet Explorer 7 and prior versions do not launch any dialog boxes when this issue is triggered. This issue is reported to affect Windows XP and Windows Server 2003; other versions of Windows may be vulnerable as well.
Affected Products
Avaya messaging_application_server,Microsoft windows_xp_professional
Short Name
HTTP:STC:WHSC-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-0474 CVE-2010-1885 Center Code Execution Help Remote Support Windows and bid:40725 bid:9621
Release Date
06/10/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3
5.1